Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

18-10

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 18 Managing Firewall Web Filter Rules

Configuring Web Filter Rules for IOS Devices

Configuring Web Filter Rules for IOS Devices

Web filter rules policies for IOS devices define how you want to handle HTTP traffic. The web filter

rules are a type of inspection rule that permits or denies traffic based on the Universal Resource Locator

(URL) address in the web request. If you allow HTTP traffic on an interface in your access rules, you

can subsequently deny (or drop) traffic if it is directed at an objectionable web site.

To configure web filtering rules for IOS devices:

1. Configure the interfaces that should filter web traffic (see below for the procedure).

2. Configure the local web filtering list to identify web sites that should always be permitted or denied

(see below for the procedure).

3. Configure web filter settings to identify the URL filtering server and other settings. For more

information, see Configuring Settings for Web Filter Servers, page 18-15.

Tip You can also configure web filtering as a zone based firewall rule. For more information, see Adding

Zone-Based Firewall Rules, page 21-12.

Related Topics

• Understanding Web Filter Rules, page 18-1

• Understanding Interface Role Objects, page 6-67

Block connection to HTTP

Proxy Server

(URL only)

Whether to prevent users from connecting to an HTTP proxy server.

Truncate CGI request by

removing CGI parameters

(URL only)

When a URL has a parameter list starting with a question mark (?), such

as a CGI script, whether to truncate the URL sent to the filtering server

by removing all characters after and including the question mark.

Block outbound requests if

absolute FTP path is not

provided

(FTP only)

Whether to prevent interactive FTP sessions that do not provide the

entire directory path when the user tries to change directories.

Long URL

(URL only)

How to handle URLs that are longer than the maximum allowed by the

filtering server: 4 KB for Websense, 3 KB for Smartfilter (N2H2).

Many times, long URLs are due to parameter lists, and you can use the

Truncate CGI request by removing CGI parameters option to

handle those URLs. For other long URLs, select from the following

options:

• Drop—Drop the long URL request.

• Truncate—Truncate the URL request to only the hostname or IP

address portion of the URL.

• Deny—Deny the URL request.

Table 18-4 Edit Web Filter Options Dialog Box (Continued)

Element Description

previous next